Data Breach Protection Claims and Compensation

Our personal data is valuable. However, too often organisations misuse it, lose it or negligently allow cybercriminals access to it, and the results can be devastating for anyone.

We help victims of data breaches claim against organisations who have failed to protect their personal data. Our team can advise you if you have a valid claim and then guide you through the rest of the process. 

Get in touch with us today if you’d like to make a claim. 


What is a data breach?

A data breach is an incident that leads to personal data being destroyed, lost, corrupted or disclosed. This includes someone passing on personal data without authorisation, someone accessing the data who shouldn’t, or the unavailability of personal data having a negative effect on an individual.

What is personal data?

Personal data is information which can be used to directly identify the person it relates to. Personal data can also be information that can be used to indirectly identify a person when used in combination with other information.

If an individual is identifiable from the information, then this may be personal data. Importantly, information must relate to an individual, in order for it to be considered personal data.

For example, although a name is a common means of identifying someone, a name alone, such as Jane Smith, may not be sufficient to identify a specific person. However, a name in conjunction with a phone number and address relating to this name would constitute personal data.

How do I know if I’ve suffered from a data breach?

You might not always be made aware straight away that you’ve suffered a data breach. Although organisations are bound by law to inform you as soon as possible, in some cases they might not be aware that the breach has taken place at all.

Here are some ways that you might be informed of a data breach:

  • You may be notified of a breach by an organisation by email, letter or phone call. An organisation may inform you that your personal data that is stored with them has been breached.
  • You could be copied into an email that contains personal information of yours. You may receive an email from an organisation containing your personal information and notice that other people have been copied in.
  • Your information may have been unintentionally shared via legal documentation. Your contact details may have been inadvertently shared with others in the course of a legal battle. This could lead to your information being shared with those you are opposed to.
  • You may receive notice that a loan has been taken out in your name, or money has left your account. You could receive notification from a bank or credit organisation that your personal information has been used without your knowledge.
  • You may be contacted by a person you are trying to avoid who has been given personal data pertaining to you. An organisation may have intentionally or accidentally disclosed your contact details to persons who wish to harm you, such as an abusive partner or biological parent of a foster child.

Read more data breach examples to see if any of these are similar to your own case.

How to check a data breach

If you’ve been notified of a data breach in the case of the above examples, or if you believe that your personal data has been breached in another way, then we may be able to help you claim compensation.

Our team of friendly legal experts can advise you as to whether or not you’ve been the victim of a data breach. They can then guide you through the claims process. We’ll make sure to leave the legal jargon out of it and keep you updated at every step of your claim.

Unfortunately, not all data breaches provide the grounds for a valid compensation claim. We’ll be able to let you know if you’re able to make a claim. If your claim isn’t valid, then we’ll be able to point you in the direction of guidance elsewhere.

If we believe your case meets the requirements of a successful data breach compensation claim then we’ll explain your options and may take your case on a no win, no fee basis.

We’ll assess your data breach case free of charge. Use the contact form to let us know the details of your case and we’ll get back to you with an answer as soon as possible.

Reporting a data breach

Organisations are required to report all data breaches to the Information Commissioner’s Office (ICO). This public body upholds information rights in the public interest and fines organisations that violate data protection laws. The ICO took 28 enforcement actions against organisations in 2019, including telecoms provider EE and Her Majesty’s Revenue & Customs.

If you think you’ve been affected by a data breach

We can offer advice and guidance on your next steps.


When should an organisation report a data breach?

According to the ICO, an organisation should report a notifiable data breach without delay and no later than 72 hours after becoming aware of it. However, the organisation does not always have to inform the individuals that are affected by the breach.

In cases where the breach of personal data only leads to a mild inconvenience for the individuals affected, organisations can avoid informing them altogether. Organisations must perform a risk assessment after discovering a personal data breach, which should direct their actions. The ICO can, however, force them to inform individuals if it deems the data breach to pose a serious risk.

Organisations who delay reporting a data breach could put an individual at even further risk of damage. This could then be used as the basis of a data breach claim.

What are the consequences of a data breach?

The consequences of a personal data breach can be far-reaching and potentially life-altering. Our team has fielded hundreds of data breach enquiries and understands how much they can affect a person’s life.

Financial – A data breach can have a devastating effect on your finances, regardless of how secure you may be. Many data breaches involving financial information don’t result in an immediate loss, however, as the data may be stored and sold at a later date.

Personal – In some cases, a personal data breach could lead to major life changes. A breach may force a person to move house, lose their job or be separated from their family. These have their own set of consequences that go beyond financial damages.

Psychological – Perhaps most importantly, a data breach can cause intense stress and psychological trauma to an individual, especially in cases involving abusive relationships and family disputes. These damages should not be understated and should be compensated accordingly.

How much can you claim for a data breach?

The amount of compensation you can claim for a data breach will depend on the circumstances. For example, in cases where your name has been breached in conjunction with financial details, you could reasonably claim up to £5,000. You may be able to claim more for a data breach if you can prove that the breach has done more than just damage your finances. If the consequences of a data breach have negatively affected a pre-existing illness, then you may be able to claim more compensation as a result.


Data Breach Help is run by the accredited Cobleys Solicitors Ltd, one of the largest specialist litigation practices on Merseyside. Recommended by The Times as one of the Top 200 Law Firms in the UK, Cobleys Solicitors Ltd runs Data Breach Help with its industry-leading experts and premium resources.


How long do you have to make a claim for a data breach?

You have 6 years from the date of the breach to make a claim and provide evidence that you have suffered damages or stress related to it.

What constitutes a breach of data protection?

A breach of data protection is more than just the loss of information. It is a breach of security which has led to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. The cause for the breach can be accidental or deliberate.

How long does an organisation have to report a data breach?

An organisation should report a data breach to the ICO within 72 hours of discovery. They should inform any individual affected by the data breach as soon as possible if the breach has put them at risk of damage.

When must data breaches involving personal data be reported?

All personal data breaches that carry a risk to people’s rights or freedoms must be reported to the ICO. This means that organisations do not have to report every data breach involving personal data to the ICO or the individuals affected.

Is ransomware a data breach?

A successful ransomware attack which renders personal data inaccessible could be viewed as a data breach by the ICO. Data controllers are legally bound to take appropriate measures to ensure that personal data is secure; failure to do so puts them in breach of the Data Protection Act.

Can I claim compensation for a data breach?

Under the GDPR, you have a right to claim compensation from an organisation if you have suffered damage as a result of a personal data breach. You’ll only be able to do so, however, if the damages are significant enough to warrant a claim. You must have suffered  For example, you would not have a valid claim if a personal data breach resulted in a minor inconvenience to you.

The GDPR gives you a right to claim compensation from an organisation if you have suffered damage as a result of it breaking data protection law. This includes both “material damage” (e.g. you have lost money) and “non-material damage” (e.g. you have suffered distress).

How common are data breaches?

Data breaches are more common than ever. Over 7000 data breaches were recorded in 2019, with over 15 billion records being recorded as lost. Whilst not every breach is publicised in the news, thousands occur every year, affecting people from all walks of life.


What causes data breaches?

Common causes of tech data breaches are weak passwords, vulnerabilities in applications and malware. Hundreds of data breaches occur each year through insider error. Emails are sent to entire databases with sensitive information, and records are lost through negligence. Data breaches are usually caused accidentally by people, as opposed to intentionally by cybercriminals.